- Security TWENTY
- Women in Security Awards
The IASME Maritime Cyber Baseline scheme is the latest certification scheme by IASME. Supported by The Royal Institution of Naval Architects (RINA), it’s aimed at shipping operators and vessel owners, for their cyber security, and to align with the UN agency the International Maritime Organization’s (IMO) Maritime Cyber Risk Management guidelines.
The scheme is open to vessels of all sorts, whether yachts, commercial and passenger ships or merchant vessels. It’s a way for operators and owners to counter emerging cyber threats and to reduce the likelihood of a cyber-attack disrupting day-to-day operations, say organisers. The scheme has been developed with Infosec Partners.
The Maritime Cyber Baseline enables shipping operators and vessel owners to reassure supply chain partners, passengers, flag and port authorities that a vessel has suitable cyber security controls and processes. To show compliance, an IASME Maritime Cyber Baseline digital certificate that can be displayed on a vessel and in business communications.
Chris Boyd, Chief Executive of The Royal Institution of Naval Architects, said: “The Royal Institution of Naval Architects are delighted to be supporting IASME’s new maritime cyber security scheme and recognise it as an effective way for operators and owners to improve the security of their vessels. The maritime sector is a vital part of the global economy; RINA and its members play a key part in ensuring the vessels are secure throughout their lifecycle. We encourage all those involved in the sector to look at IASME Maritime Cyber Baseline as a practical way to reduce the disruptive impact of cyber-attacks.”
And Dr Emma Philpott MBE, CEO of IASME, pictured, said: “We are really excited to be tackling the difficult issue of cyber security within shipping with our new Maritime Cyber Baseline scheme. IASME has revolutionised the approach to cyber security within businesses through our IASME Governance certification and most recently has worked with the Civil Aviation Authority to deliver their cyber security audit scheme for the aviation sector. We look forward to getting directly involved with shipping operators and owners to improve their security and get them certified to the new scheme”
How does the scheme work?
A set of core security controls have maximum impact on cyber security and give the best return on effort and investment. It has two stages of assurance:
· Verified self-assessment = basic level of assurance
· Audited = higher level of assurance
The controls that must be put in place onboard are the same for both levels of assurance.
The verified self-assessment requires ship owners or operators to answer questions about their vessel using the IASME secure online portal. The owner is required to sign a declaration attesting that the answers to the questions are accurate. The applicant receives feedback from the assessor on how they can improve the security of their vessel depending on the answers.
The audited stage involves a review of systems, processes and to verify the answers provided in the self-assessment. This level must be completed by all vessels 500 gwt or over to achieve certification. If the vessel passes the assessment, it is awarded Maritime Cyber Baseline certification. To maintain certification, an annual verified self-assessment must be completed on the first and second anniversary of the audit to show continued compliance.
Smaller vessels under 500 gwt are required to complete the verified self-assessment stage only to achieve certification. The cost is £750 plus VAT. All vessels of 500 gwt or over are required to complete both the verified self-assessment stage and the audited stage to achieve certification. The cost is £1950 plus VAT.
Set up in 2012, IASME Consortium offers cyber security and information assurance certification. It’s the delivery partner for Cyber Essentials, a UK Government-backed scheme for organisations protect themselves from the most common cyber attacks. IASME works with the UK Civil Aviation Authority to deliver their third-party cyber security audit model for the aviation sector and operates the IoT Security Assured scheme which certifies the security of internet-connected and operational technology devices.
IASME offers IASME Governance, an information assurance standard as an alternative to the international standard for information security management, ISO 27001, particularly for small companies. And IASME operates the Counter Fraud Fundamentals certification scheme with The Open Banking Implementation Entity, covering basic counter fraud controls. Visit www.iasme.co.uk.